Secure Coding mailing list archives
re-writing college books - erm.. ahm...
From: rcs at cert.org (Robert C. Seacord)
Date: Sat, 28 Oct 2006 09:43:58 -0400
Crispin, I think you may have over spoken below:
> Seeking perfect correctness as an approach to security is a fool's errand. Security is designing systems that can tolerate imperfect software.
I could go along with "achieving perfect correctness as an approach to security is a fool's belief" but I believe the desire to achieve correctness is a prerequisite for security. More specifically, I have found that systematic schemes for providing software security (such as memory protection, canaries, etc.) are generally ineffective once a coding error (such as a buffer overflow) allows an attacker to penetrate the peripheral defense of code correctness. Given the current state of software security, I don't think any security "best" practice can be abandoned and that defense-in-depth is a practical necessity.

Also, back on the book topic, I recently heard of an older but successful book that did nothing but take examples from other books and show in detail how they were incorrect. Perhaps such a "supplemental" text could be developed for commonly used text books.

rCs